from the secret-message?-what-secret-message? dept

Over the last year, we have learned that keeping things secret as they pass over the Internet is much harder than we thought because of the extraordinary NSA and GCHQ surveillance programs revealed by Edward Snowden's leaks. One of the problems with traditional encryption is that its opaque text flags up rather obviously that something is being hidden. An alternative approach, known as steganography, tries to get around that by hiding secret messages in other kinds of text or images in such a way that it is not obvious -- for example, by changing individual pixels -- and therefore does not attract unwanted attention.

Those carrying out surveillance are of course perfectly aware of steganography, and have methods that allow them to inspect files for subtle changes that indicate there are hidden texts. In the usual arms-race fashion, this has now led to the development of a more advanced kind of steganography that hopes to evade those tools. It comes from Bram Cohen, creator of the important file-sharing protocol and software, BitTorrent. His new system bears the dramatic name "DissidentX"; here's how it works:

Cohen has programmed DissidentX to serve as a customizable framework for steganography that can use any method of tweaking a file from adding spaces at the end of a text file's lines to adding pixels to a video. But unlike older steganographic tools, those alterations to the camouflage file known as the "cover text" don’t serve as a set of on-or-off bits to encode the secret message. Instead, DissidentX makes the changes such that when the recipient puts the entire file through a cryptographic function known as a "hash" -- a transformation that converts it into a unique string of characters -- it produces an encrypted version of the sender's message, ready to be decrypted with the recipient's key.

As well as this more subtle approach, Cohen's DissidentX has another big advantage over traditional steganography:

He's designed DissidentX to allow multiple secret messages to be encoded in an altered file, each of which can only be read with different decryption keys. That means a single text file or video could hold messages intended for multiple recipients, or additional false messages can also be encoded into the file as red herrings.

As the article in Forbes quoted above points out, this could be important for dissidents who face the prospects of being tortured for their decryption key: alongside the real message, kept secret, a dummy text that can be given up to the authorities could be stored as well.

It's a clever approach, albeit with one drawback: the visible text in which the steganographic message is hidden has to be around 500 times longer than the invisible one. Sending such long texts might in itself draw some attention, but Cohen hopes to reduce that size factor in future versions. In any case, it doesn't really matter whether or not this particular steganographic system takes off; what's important is that people like Cohen are coming up with a range of new ways to thwart the surveillance state we find ourselves inhabiting.

from the ban-flickr! dept

The practice of hiding data in images -- known as steganography -- is nothing new. People have talked about it for ages, and we've long heard reports of how nefarious organizations used it all the time. But, of course, it can also be used for perfectly good reasons as well -- and now it may have just become a lot easier to use. Glyn Moody points us to the news of a new steganography program that is designed to work easily via Flickr, with the goal of getting news reports to various countries that try to censor the internet. The program, called Collage, supposed makes it quite easy to both encrypt and decrypt information in Flickr photos, knowing that Flickr -- unlike many news sites -- isn't often blocked in countries that censor the internet.

Of course, once word of this program gets out, that could possibly change, but the programmers behind it say they can easily expand it to work with other photo sharing sites as well.

None of this is that surprising, really. In fact, my first reaction on hearing it was to think that this can't be new, as I'm pretty sure other offerings have already allowed such functionality with Flickr. However, it is a nice reminder that every time you try to censor the internet, there will be ways through, and that includes just masking the traffic you want blocked as legitimate traffic, such as Flickr photos.